20.xx: postpone LuCI HTTPS per default

W. Michael Petullo mike at flyn.org
Fri Nov 20 11:47:41 EST 2020


>> I think making use of self-signed certificates in production is a bad
>> idea because (1) it reinforces poor practices, namely electing to trust
>> a self-signed certificate and (2) it does not authenticate the
>> server/router, a critical piece of the TLS security model.
 
> maybe, but it's still better than sending all communication to the
> management interface as plain text.

>> My point of view is that we should delay HTTPS-by-default until we have
>> a scheme for establishing the identity of the router. Until then, we
>> should be honest and make use of HTTP.

What is the difference between transmitting packets containing cleartext
and transmitting encrypted packets to a party whose identity you do
not know?

> nobody is working on that, and in most cases it's not really possible. You
> always have a point where the user has to make the call of trusting the
> device's ID or code or something.

Yes. This is true, and trusting CAs is a specialization of this. I
understand that we do not have a scheme yet, and the necessary out-of-band
channels in a router are limited. What I am arguing is that just falling back on
self-signed certificates in order to turn on HTTPS is not a good solution
and is in fact counter-productive.

-- 
Mike

:wq



More information about the openwrt-devel mailing list